Cyberactivity consequences for the Defense Industrial Base

By Andrew Wagner | Published Monday, March 12, 2018

While the world’s eyes are on North Korea’s nuclear ambitions, its cyber program has been wreaking havoc. Last year, North Korea launched cyberattacks against U.S. defense contractors. While these attacks from Pyongyang were an act of industrial espionage, spying is only one of three cyber strategies that the North Koreans engage in. The rogue state is also known for asset destruction and racketeering attacks.

“They are kind of unique as a national state actor. They go from really low-level stuff, like World of Warcraft scamming, online gambling-type stuff all the way to really sophisticated attacks on the financial system,” said Ross Rustici, senior director of Intelligence Services at Cybereason. “They attacked the SWIFT network which is the protocol used to transfer money around the world from central banks. They would go after Wall Street if they had the access to. For the most part, they’ve been spending a lot of time going after their neighbors in Southeast Asia, because the defenses tend to be lower and it is easier to get into. This is a global problem and the financial industry in the United States is vulnerable as well.”

Rustici said that the best way to avoid getting hacked, or at least mitigate the damage, is to have up-to-date and informed security.

“Compliance is not security. It’s the minimum bar, you have to do it. But once you get past that hurdle, you really need to be up to date on your patching… really create a program that allows you to know what is going on in your environment and catch these actors as they get their foothold,” Rustici told Government Matters. “It is cliché in the cybersecurity business at this point, but it’s not if you get hacked but when, and the remediation time from when they first get into your network to when they achieve their objective, is really the only thing you have control over.”